A note on conjugacy search and racks

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv source.

We show that for every effective left conjugacy closed left quasigroup, there is an induced rack that retains the conjugation structure of the left translations. This means that cryptographic protocols relying on conjugacy search can be secure only if conjugacy search of left translations is infeasible in the induced rack. We note that, in fact, protocols based on conjugacy search could be simply implemented using a rack. We give an exposition of the Anshel-Anshel-Goldfeld protocol in such a case.


💡 Research Summary

The paper investigates the relationship between left conjugacy closed (LCC) left quasigroups and racks, with the aim of clarifying the algebraic foundations of cryptographic schemes that rely on the conjugacy search problem. An LCC left quasigroup (Q,·) is a set with a binary operation such that each element a defines a bijective left translation L_a(x) = a·x, and for all a,b ∈ Q the conjugate L_a⁻¹ L_b L_a is again a left translation L_c for some c ∈ Q. This closure property is what makes the conjugacy search problem well defined: given L_a and L_b, find an element c with L_c = L_a⁻¹ L_b L_a.

The authors introduce a new binary operation ∘ on Q, written informally as a∘b = a·b·a⁻¹, where a⁻¹ stands for the inverse of the left translation L_a; precisely, a∘b is the element whose left translation is L_a L_b L_a⁻¹. They prove that (Q,∘) satisfies the two rack axioms: left self-distributivity, a∘(b∘c) = (a∘b)∘(a∘c), and left invertibility, meaning that each map x ↦ a∘x is a bijection. Consequently, every effective LCC left quasigroup induces a rack that preserves the conjugation structure of its left translations exactly: L_{a∘b} = L_a L_b L_a⁻¹, and the reverse conjugate L_a⁻¹ L_b L_a is the left translation of the unique element c with a∘c = b. The conjugacy search problem in the original LCC left quasigroup is therefore isomorphic to the conjugacy search problem in the induced rack.

From a cryptographic perspective this observation yields two important consequences. First, any protocol that was originally described in terms of an LCC actually operates on the induced rack, so security analyses can be carried out directly on the rack’s conjugacy problem. Second, if a rack already possesses a hard conjugacy search problem, there is no need to embed it into a more elaborate LCC structure; the rack alone suffices as a secure platform. This simplification can reduce implementation overhead and improve performance while preserving security guarantees.

To illustrate the practical impact, the paper re-expresses the Anshel-Anshel-Goldfeld (AAG) key-exchange protocol in pure rack terminology. In the AAG protocol each participant selects a private product of elements from its own public set, publishes the images of the other party's public set under conjugation by that private product, and then derives a shared secret by conjugating the other party's published data with its own private element. When the underlying algebraic structure is a rack, the conjugation step is precisely the rack operation a∘b = a·b·a⁻¹, so the protocol's steps remain unchanged. Security therefore hinges entirely on the difficulty of solving the rack-based conjugacy search problem for the chosen rack.
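The following Python block is an added worked example, not code from the paper or its authors. It builds the conjugation rack a∘b = a·b·a⁻¹ on a small permutation group (the symmetric group S_n, represented as tuples), checks the two rack axioms exhaustively on S_4, and then runs the AAG exchange described above entirely through the rack operation: each side publishes private∘g for the other side's public elements and recovers the shared key from its own private word and the received rack images. The public sets, private words and group size are constructed toy values; the final function is an exhaustive conjugacy search that recovers Bob's private element from the transcript, which only works because the rack here has 120 elements.

```python
"""Conjugation rack on S_n and the AAG exchange in rack terms (illustrative, constructed)."""
from itertools import permutations


def compose(p, q):
    """(p*q)(i) = p[q[i]]: apply q first, then p."""
    return tuple(p[i] for i in q)


def inverse(p):
    inv = [0] * len(p)
    for i, pi in enumerate(p):
        inv[pi] = i
    return tuple(inv)


def identity(n):
    return tuple(range(n))


def rack_op(a, b):
    """a∘b = a·b·a⁻¹, the conjugation rack of the group."""
    return compose(compose(a, b), inverse(a))


def symmetric_group(n):
    return [tuple(p) for p in permutations(range(n))]


def rack_axioms_hold(elements):
    """Exhaustively check left self-distributivity and bijectivity of x ↦ a∘x."""
    for a in elements:
        if len({rack_op(a, x) for x in elements}) != len(elements):
            return False
        for b in elements:
            ab = rack_op(a, b)
            for c in elements:
                if rack_op(a, rack_op(b, c)) != rack_op(ab, rack_op(a, c)):
                    return False
    return True


def word_value(word, gens, n):
    """Multiply out a word given as a list of generator indices (positive exponents only)."""
    result = identity(n)
    for i in word:
        result = compose(result, gens[i])
    return result


def aag_exchange(n, gens_a, word_a, gens_b, word_b):
    """AAG with the conjugation step written as the rack operation.

    Returns (key_alice, key_bob, (sent_by_alice, sent_by_bob)); the last item is the
    public transcript an observer sees."""
    A = word_value(word_a, gens_a, n)              # Alice's private element
    B = word_value(word_b, gens_b, n)              # Bob's private element
    from_alice = [rack_op(A, g) for g in gens_b]   # A∘b_j for Bob's public set
    from_bob = [rack_op(B, g) for g in gens_a]     # B∘a_i for Alice's public set
    # Conjugation is a homomorphism, so evaluating the private word on the received
    # rack images yields the private element conjugated by the other side's secret.
    b_conj_a = word_value(word_a, from_bob, n)     # B∘A = B·A·B⁻¹
    a_conj_b = word_value(word_b, from_alice, n)   # A∘B = A·B·A⁻¹
    key_alice = compose(A, inverse(b_conj_a))      # A·B·A⁻¹·B⁻¹
    key_bob = compose(a_conj_b, inverse(B))        # A·B·A⁻¹·B⁻¹
    return key_alice, key_bob, (from_alice, from_bob)


def conjugacy_search_bruteforce(elements, gens, images):
    """All x with x∘g_i = image_i for every i; feasible only on a toy-sized rack."""
    return [x for x in elements
            if all(rack_op(x, g) == h for g, h in zip(gens, images))]


def demo():
    """Constructed toy instance in S_5: both keys agree and brute force recovers B."""
    n = 5
    gens_a = [(1, 0, 2, 3, 4), (0, 2, 3, 1, 4)]   # Alice's public set: (0 1), (1 2 3)
    gens_b = [(4, 1, 2, 3, 0), (0, 1, 3, 4, 2)]   # Bob's public set: (0 4), (2 3 4)
    word_a, word_b = [0, 1, 0], [1, 0]            # private words (constructed)
    key_alice, key_bob, (_, from_bob) = aag_exchange(n, gens_a, word_a, gens_b, word_b)
    return {
        "A": word_value(word_a, gens_a, n),
        "B": word_value(word_b, gens_b, n),
        "key_alice": key_alice,
        "key_bob": key_bob,
        "bob_recovered": conjugacy_search_bruteforce(symmetric_group(n), gens_a, from_bob),
    }


if __name__ == "__main__":
    print("rack axioms on S_4:", rack_axioms_hold(symmetric_group(4)))
    print(demo())
```

The exchange uses nothing but the rack operation and group multiplication of rack outputs, which is the point of the paper's reformulation. The brute-force search at the end is the sanity check a practitioner wants: on this toy rack the transcript pins Bob's secret down to a single element, so the same construction only becomes a platform when the rack is large enough that such enumeration, and any structured search, is infeasible.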

The authors further discuss concrete families of racks that can serve as platforms. Examples include dihedral racks, racks derived from non-abelian groups, and algebraic racks constructed from quandles with additional properties. For each family they consider the size of the underlying set, the computational cost of the rack operation, and known algorithmic results concerning conjugacy search. For sufficiently large non-abelian groups, no known attack solves conjugacy search in less than exponential time, which makes such racks attractive candidates. Conversely, small or highly structured racks may admit efficient attacks, underscoring the need for careful parameter selection.

Design guidelines are distilled from the analysis: (1) choose a rack based on a sufficiently large non‑commutative group to ensure a large search space; (2) ensure that the rack operation can be computed efficiently (ideally in linear or near‑linear time); (3) verify that no sub‑exponential algorithms are known for the rack’s conjugacy search problem. When these criteria are met, a rack can replace an LCC without loss of security, simplifying both theoretical proofs and practical implementations.

In conclusion, the paper establishes a structural equivalence between effective LCC left quasigroups and racks, showing that the conjugacy structure is fully captured by the induced rack. This result clarifies that the security of conjugacy‑based cryptographic protocols rests on the hardness of the rack‑conjugacy problem, and it opens the door to more streamlined protocol designs that operate directly on racks. The exposition of the AAG protocol within this framework serves as a concrete demonstration of how existing schemes can be adapted, potentially leading to more efficient and easier‑to‑analyze cryptographic constructions.

